diff --git a/builtins/parse_config.go b/builtins/parse_config.go index 110e2e670f..6422401340 100644 --- a/builtins/parse_config.go +++ b/builtins/parse_config.go @@ -56,23 +56,16 @@ func registerParseCombinedConfigFiles() { // parsed configuration as a Rego object. This can be used to parse all of the // configuration formats conftest supports in-line in Rego policies. func parseConfig(bctx rego.BuiltinContext, op1, op2 *ast.Term) (*ast.Term, error) { - args, err := decodeArgs([]*ast.Term{op1, op2}) + args, err := decodeTypedArgs("", op1, op2) if err != nil { return nil, fmt.Errorf("decode args: %w", err) } - parserName, ok := args[0].(string) - if !ok { - return nil, fmt.Errorf("parser name %v [%T] is not expected type string", args[0], args[0]) - } - config, ok := args[1].(string) - if !ok { - return nil, fmt.Errorf("config %v [%T] is not expected type string", args[1], args[1]) - } + parserName, config := args[0], args[1] + parser, err := parser.New(parserName) if err != nil { return nil, fmt.Errorf("create config parser: %w", err) } - var cfg map[string]interface{} if err := parser.Unmarshal([]byte(config), &cfg); err != nil { return nil, fmt.Errorf("unmarshal config: %w", err) @@ -84,15 +77,12 @@ func parseConfig(bctx rego.BuiltinContext, op1, op2 *ast.Term) (*ast.Term, error // parseConfigFile takes a config file path, parses the config file, and // returns the parsed configuration as a Rego object. func parseConfigFile(bctx rego.BuiltinContext, op1 *ast.Term) (*ast.Term, error) { - args, err := decodeArgs([]*ast.Term{op1}) + args, err := decodeTypedArgs("", op1) if err != nil { return nil, fmt.Errorf("decode args: %w", err) } - file, ok := args[0].(string) - if !ok { - return nil, fmt.Errorf("file %v [%T] is not expected type string", args[0], args[0]) - } - filePath := filepath.Join(filepath.Dir(bctx.Location.File), file) + filePath := filepath.Join(filepath.Dir(bctx.Location.File), args[0]) + parser, err := parser.NewFromPath(filePath) if err != nil { return nil, fmt.Errorf("create config parser: %w", err) @@ -112,17 +102,15 @@ func parseConfigFile(bctx rego.BuiltinContext, op1 *ast.Term) (*ast.Term, error) // parseCombinedConfigFiles func parseCombinedConfigFiles(bctx rego.BuiltinContext, op1 *ast.Term) (*ast.Term, error) { - args, err := decodeArgs([]*ast.Term{op1}) + args, err := decodeTypedArgs([]string{}, op1) if err != nil { return nil, fmt.Errorf("decode args: %w", err) } filePaths := []string{} - fileList := args[0].([]interface{}) - for _, file := range fileList { - filePaths = append(filePaths, filepath.Join(filepath.Dir(bctx.Location.File), file.(string))) + for _, file := range args[0] { + filePaths = append(filePaths, filepath.Join(filepath.Dir(bctx.Location.File), file)) } - cfg, err := parser.ParseConfigurations(filePaths) if err != nil { return nil, fmt.Errorf("failed to parse combine configurations: %w", err) @@ -136,14 +124,18 @@ func parseCombinedConfigFiles(bctx rego.BuiltinContext, op1 *ast.Term) (*ast.Ter return toAST(bctx, combinedCfg["Combined"], combinedContent) } -func decodeArgs(args []*ast.Term) ([]interface{}, error) { - decoded := make([]interface{}, len(args)) +func decodeTypedArgs[T any](ty T, args ...*ast.Term) ([]T, error) { + decoded := make([]T, len(args)) for i, arg := range args { iface, err := ast.ValueToInterface(arg.Value, nil) if err != nil { return nil, fmt.Errorf("ast.ValueToInterface: %w", err) } - decoded[i] = iface + v, ok := iface.(T) + if !ok { + return nil, fmt.Errorf("argument %d is not type %T, have %T", i, ty, iface) + } + decoded[i] = v } return decoded, nil diff --git a/parser/cyclonedx/cyclonedx_test.go b/parser/cyclonedx/cyclonedx_test.go index ce8a870504..9395dbea6f 100644 --- a/parser/cyclonedx/cyclonedx_test.go +++ b/parser/cyclonedx/cyclonedx_test.go @@ -49,6 +49,7 @@ func TestCycloneDXParserValid(t *testing.T) { t.Error("There should be information parsed but its nil") } + //#nosec https://github.com/securego/gosec/issues/1001 is fixed expectedSHA256 := "sha256:d7ec60cf8390612b360c857688b383068b580d9a6ab78417c9493170ad3f1616" metadata := input.(map[string]interface{})["metadata"] @@ -103,6 +104,7 @@ func TestCycloneDXParserInValid(t *testing.T) { t.Error("There should be information parsed but its nil") } + //#nosec https://github.com/securego/gosec/issues/1001 is fixed expectedSHA256 := "sha256:d7ec60cf8390612b360c857688b383068b580d9a6ab78417c9493170ad3f1616" metadata := input.(map[string]interface{})["metadata"]